Yup, that was one of Red Hat's, Jenkins posted a request with multiple issues to the distros list, amaris@redhat.com assigned that CVE as well as others on 2017-01-30 (give or take a half day because timezones and whatnot). You can see it's aliased in our BZ to the related bug: